nixos-config/modules/headscale.nix

{ pkgs, lib, ... }:
let
  headscalePort = "6969";
  headscaleDomain = "vpn.mc-fucker.cool";
in
{
  environment = {
    systemPackages = with pkgs; [ headscale wireguard-tools ];
    etc = {
      "headscale/config.yaml".text = ''
        ---
        disable_check_updates: true
        server_url: http://${headscaleDomain}:${headscalePort}
        listen_addr: 0.0.0.0:${headscalePort}
        ephemeral_node_inactivity_timeout: "30m"
        private_key_path: /etc/nixos/keys/headscale-key
        db_type: sqlite3
        db_path: db.sqlite
        derp:
          urls:
            - https://controlplane.tailscale.com/derpmap/default
          paths:
            - /etc/headscale/derp-example.yaml
          auto_update_enabled: true
          update_frequency: 24h
        dns_config:
          magic_dns: true
          base_domain: ${headscaleDomain}
          nameservers:
            - 9.9.9.9
      '';
      "headscale/derp-example.yaml".text = ''
        regions:
          900:
            regionid: 900
            regioncode: custom
            regionname: My Region
            nodes:
            - name: 1a
              regionid: 1
              hostname: myderp.mydomain.no
              ipv4: 123.123.123.123
              ipv6: "2604:a880:400:d1::828:b001"
              stunport: 0
              stunonly: false
              derptestport: 0
      '';
    };
  };

  systemd.services.headscale = {
    description = "Headscale VPN Server";
    wantedBy = [ "multi-user.target" ];
    after = [ "network-online.target" ];
    serviceConfig = {
      ExecStart = "${pkgs.headscale}/bin/headscale serve";
      ExecReload = "/bin/kill -HUP $MAINPID";
      Restart = "on-failure";
      Type = "simple";
    };
  };

  networking.firewall.allowedTCPPorts = [ (lib.strings.toInt headscalePort) ];
}

# vim: set et ts=2 sw=2 ai:
added headscale to vpn server 2021-12-03 17:51:47 +01:00			`{ pkgs, lib, ... }:`
			`let`
			`headscalePort = "6969";`
			`headscaleDomain = "vpn.mc-fucker.cool";`
			`in`
			`{`
			`environment = {`
updated wireguard package name 2022-08-01 15:06:58 +02:00			`systemPackages = with pkgs; [ headscale wireguard-tools ];`
added headscale to vpn server 2021-12-03 17:51:47 +01:00			`etc = {`
			`"headscale/config.yaml".text = ''`
			`---`
			`disable_check_updates: true`
			`server_url: http://${headscaleDomain}:${headscalePort}`
			`listen_addr: 0.0.0.0:${headscalePort}`
			`ephemeral_node_inactivity_timeout: "30m"`
			`private_key_path: /etc/nixos/keys/headscale-key`
			`db_type: sqlite3`
			`db_path: db.sqlite`
			`derp:`
			`urls:`
			`- https://controlplane.tailscale.com/derpmap/default`
			`paths:`
			`- /etc/headscale/derp-example.yaml`
			`auto_update_enabled: true`
			`update_frequency: 24h`
			`dns_config:`
			`magic_dns: true`
			`base_domain: ${headscaleDomain}`
			`nameservers:`
			`- 9.9.9.9`
			`'';`
			`"headscale/derp-example.yaml".text = ''`
			`regions:`
			`900:`
			`regionid: 900`
			`regioncode: custom`
			`regionname: My Region`
			`nodes:`
			`- name: 1a`
			`regionid: 1`
			`hostname: myderp.mydomain.no`
			`ipv4: 123.123.123.123`
			`ipv6: "2604:a880:400:d1::828:b001"`
			`stunport: 0`
			`stunonly: false`
			`derptestport: 0`
			`'';`
			`};`
			`};`

			`systemd.services.headscale = {`
			`description = "Headscale VPN Server";`
			`wantedBy = [ "multi-user.target" ];`
			`after = [ "network-online.target" ];`
			`serviceConfig = {`
			`ExecStart = "${pkgs.headscale}/bin/headscale serve";`
			`ExecReload = "/bin/kill -HUP $MAINPID";`
			`Restart = "on-failure";`
			`Type = "simple";`
			`};`
			`};`

			`networking.firewall.allowedTCPPorts = [ (lib.strings.toInt headscalePort) ];`
			`}`

			`# vim: set et ts=2 sw=2 ai:`